Vulnerability CVE-2021-26084


Published: 2021-08-30

Description:
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

See advisories in our WLB2 database:
Risk: High
Topic: Confluence Server 7.12.4 OGNL Injection Remote Code Execution
Author: h3v0x
Date: 01.09.2021

Type: CWE-74

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Atlassian -> Confluence
Atlassian -> Data center

References:
https://jira.atlassian.com/browse/CONFSERVER-67940
http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html

Copyright 2021, cxsecurity.com

 
